The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to external control of file names or paths, allows a perpetrator to load arbitrary PHP scripts and intercept plugin loaders to execute these scripts at will.
The vulnerability of the GLPI system for requests, incidents, and computer equipment inventory management is related to external control of file names or paths. Exploiting this vulnerability allows a malicious actor to load any arbitrary PHP script and intercept the plugin loader to execute that...